diff --git a/include/ajax.forms.php b/include/ajax.forms.php
index 70c57e15bf233c11099eca2350633565141be953..41506c872f076bcc66d8582e1ef38bb4a462e4c0 100644
--- a/include/ajax.forms.php
+++ b/include/ajax.forms.php
@@ -381,9 +381,15 @@ class DynamicFormsAjaxAPI extends AjaxController {
     }
 
     function attach() {
+        global $thisstaff;
+
+        $config = DynamicFormField::objects()
+            ->filter(array('type__contains'=>'thread'))
+            ->first()->getConfiguration();
         $field = new FileUploadField();
+        $field->_config = $config;
         return JsonDataEncoder::encode(
-            array('id'=>$field->ajaxUpload())
+            array('id'=>$field->ajaxUpload($thisstaff ? true : false))
         );
     }
 
diff --git a/include/class.forms.php b/include/class.forms.php
index c097dd995ab0f8e48336215bb6acf578e0dfb440..062bcaea5a173b5b0f3cca56a8825bed5d281ef3 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -2837,7 +2837,7 @@ class FileUploadField extends FormField {
 
         // Check MIME type - file ext. shouldn't be solely trusted.
         if ($type && $config['__mimetypes']
-                && in_array($type, $config['__mimetypes']))
+                && in_array($type, $config['__mimetypes'], true))
             return true;
 
         // Return true if all file types are allowed (.*)